Why and How to Use Unattended-Upgrades on a Ubuntu server?

Krishnakanth Alagiri
2 min readMar 2, 2023

--

SysAdmins already have enough on their plate without having to manually update their systems every day!

Why Use Unattended-Upgrades?

Keeping software up-to-date is crucial for security reasons, as updates often include patches for vulnerabilities. However, it can be time-consuming and inconvenient to manually update packages regularly. This is where Unattended-Upgrades comes in.

Unattended-Upgrades is a package for Ubuntu that allows automatic installation of security updates. This means that critical updates are installed without user intervention, reducing the risk of security breaches and keeping your system secure.

How to Install and Configure Unattended-Upgrades

  1. Install the Unattended-Upgrades package by running the following command:
sudo apt-get install unattended-upgrades

2. Edit the configuration file /etc/apt/apt.conf.d/50unattended-upgrades to enable automatic security updates. Uncomment the following line:

//Unattended-Upgrade::Allowed-Origins { 
// "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
//};

So it looks like this:

Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
};

This tells Unattended-Upgrades to automatically install updates from the security repository and the main repository.

3. Enable automatic updates by editing the configuration file /etc/apt/apt.conf.d/20auto-upgrades. Uncomment the following lines:

APT::Periodic::Update-Package-Lists "1"; 
APT::Periodic::Unattended-Upgrade "1";

This tells the system to update the package lists and install security updates automatically.

4. Configure email notifications (optional). By default, Unattended-Upgrades sends an email to root whenever an update is installed. To configure email notifications, edit the configuration file /etc/apt/apt.conf.d/50unattended-upgrades and add the following lines:

Unattended-Upgrade::Mail "youremail@example.com";
Unattended-Upgrade::MailOnlyOnError "true";

Replace youremail@example.com with your email address.

5. Restart the Unattended-Upgrades service to apply the changes:

sudo systemctl restart unattended-upgrades

That’s it! Your Ubuntu system is now configured to automatically install security updates. You can rest easy knowing that your system is up-to-date and secure.

--

--